التواصل المباشر مع الادارة والاعضاء القدامى من خلال قناة التلغرام



العودة   :: vBspiders Professional Network :: > [ ::. قـسم الأختراق المتقدم .:: Advanced Hacking Section .:: ] > Penteration Testing Training

 
 
LinkBack أدوات الموضوع انواع عرض الموضوع
قديم 02-10-2011, 06:36 PM   رقم المشاركة : 1 (permalink)
معلومات العضو
anti-trust
Your Worst Enemy
 
الصورة الرمزية anti-trust
 

 

 
إحصائية العضو






anti-trust غير متواجد حالياً

 

 

إحصائية الترشيح

عدد النقاط : 10
anti-trust is on a distinguished road

افتراضي MYSQL TESTING


MYSQL TESTING





SQL injection allows an attacker to access the SQL servers. It allows for the execution of SQL
code under the privileges of the user used to connect to the database


How to Test !!!


When a SQL Injection is found with MYSQL as DBMS backend

there are a number of attacks that could be accomplished

depending on MYSQL version and user privileges on DBMS

MySQL quote escaping is the following:
'A string with \'quotes\''


* Every version has a set of features proportional to version number


* From Version 4.0: UNION
* From Version 4.1: Subqueries
* From Version 5.0: Stored procedures, Stored functions and the view named INFORMATION_SCHEMA
* From Version 5.0.2: Triggers

We will Talk More latter
About MYSQL Injection in Next Module


in this part ill use An Auto Tools





in this video we will Discover How To use The w3af


based on MYSQL Error using SQLMAP


What The SQL INJECTION Script Do


1- plugin sends the string d'z"0 to every injection point

2- and searches for SQL errors in the response body


its look like Create the vuln

كود:
 v.setDesc( 'SQL injection in a '+ v['db'] +' was found at: ' + mutant.foundAt() )
and Here Discover it




كود:
# MYSQL errors.append( ('supplied argument is not a valid MySQL', dbms.MYSQL ) ) errors.append( ('Column count doesn\'t match value count at row', dbms.MYSQL ) ) errors.append( ('mysql_fetch_array\\(\\)', dbms.MYSQL ) ) errors.append( ('mysql_', dbms.MYSQL ) ) errors.append( ('on MYSQL result index', dbms.MYSQL ) ) errors.append( ('You have an error in your SQL syntax;', dbms.MYSQL ) ) errors.append( ('You have an error in your SQL syntax near', dbms.MYSQL ) ) errors.append( ('MySQL server version for the right syntax to use', dbms.MYSQL ) ) errors.append( ('\\[MySQL\\]\\[ODBC', dbms.MYSQL )) errors.append( ("Column count doesn't match", dbms.MYSQL )) errors.append( ("the used select statements have different number of columns", dbms.MYSQL )) errors.append( ("Table '[^']+' doesn't exist", dbms.MYSQL )) errors.append( ("DBD::mysql::st execute failed", dbms.MYSQL )) errors.append( ("DBD::mysql::db do failed:", dbms.MYSQL ))



and now To watch this video on vbspiders broadcast


its always online
كود:

http://player.vimeo.com/video/19789056



password : vbspiders.com


Best Regards



MYSQL TESTING

   

رد مع اقتباس
 

مواقع النشر (المفضلة)


تعليمات المشاركة
لا تستطيع إضافة مواضيع جديدة
لا تستطيع الرد على المواضيع
لا تستطيع إرفاق ملفات
لا تستطيع تعديل مشاركاتك

BB code is متاحة
كود [IMG] متاحة
كود HTML معطلة
Trackbacks are متاحة
Pingbacks are متاحة
Refbacks are متاحة

الانتقال السريع


الساعة الآن 05:09 AM


[ vBspiders.Com Network ]

SEO by vBSEO 3.6.0